The National Crime Agency and the Metropolitan Police Service has convicted the UK's first home-grown financial malware writer of fraud after an investigation into fake online job adverts.

Tyrone Ellis, age 27, was a part of a south London-based criminal network of six, which used malware to record keystrokes of people who applied to bogus job adverts. The gang then used the personal information collected from the keystrokes to steal money from people's bank accounts.

Mobile phone and online chat records showed the group have stolen more than £300,000. However, the police believe that the actual figure could be more than £1 million.

The criminals posted fake job adverts for companies including Argos and Harrods, on websites such as Gumtree and Blue Arrow.

People who responded to the bogus ads were sent a hyperlink via email asking them to complete an online application form. Those who clicked on the link inadvertently downloaded the computer malware that recorded their keystrokes.

The gang used the personal data to phone banks claiming to have lost their credit or debit cards, and requesting a new pin number and card. They would then wait outside the victim's address to intercept the postman before he posted these letters.

Furthermore, the criminals used the information to defraud the emergency cash systems of several banks. By providing security passwords, the banks would issue them with a special code so that they could withdraw £60 from ATMs.

Meanwhile, one member of the gang, 26-year-old Nadine Windley pleaded guilty to using her position as an employee of Santander Bank to provide the others - Adjibola Akinlabi, 26, Damilare Oduwole, 26, Michael Awosile, 27 and Temitope Araoye, 29 - with customer account data.

Akinlabi and his brother Babatunde, 28, previously pleaded guilty to a 2008 offence of fraud, where they used illegally obtained bank details to steal cash from online bank accounts.

The group has been remanded in custody and is expected to be sentenced on 14 November 2013.

The NCA's lead cyber officer thanked the companies affected for their help with the investigation.

"Gumtree, Harrods and Blue Arrow have been extremely co-operative," said Frank Tutty.

"We especially thank the special investigation unit at Santander for their assistance in identifying the gang member employed within their bank."

Meanwhile, security software firm Sophos and Centaurine Consulting also provided technical expertise and evidence for the investigation, the NCA said.